import express from 'express';
import {
  registerUser,
  loginUser,
  getUsers,
  getUserById,
  updateUser,
  deleteUser,
  getUserPermissions,
  addPermissionToUser,
  removePermissionFromUser
} from '../controllers/userController.js';
import { auth, hasPermission } from '../middleware/auth.js';

const router = express.Router();

// 公共路由，无需认证
router.post('/register', registerUser);
router.post('/login', loginUser);

// 受保护路由

// 用户管理路由
router.post('/', 
  auth, 
  hasPermission('create_users'), 
  registerUser);
router.get('/', 
  auth, 
  hasPermission('read_users'), 
  getUsers);
router.get('/:id', 
  auth, 
  hasPermission('read_users'), 
  getUserById);
router.put('/:id', 
  auth, 
  hasPermission('update_users'), 
  updateUser);
router.delete('/:id', 
  auth, 
  hasPermission('delete_users'), 
  deleteUser);

// 权限管理路由
router.get('/permissions/:id', 
  auth, 
  hasPermission('read_permissions'), 
  getUserPermissions);
router.post('/permissions', 
  auth, 
  hasPermission('manage_permissions'), 
  addPermissionToUser);
router.post('/permissions_delete', 
  auth, 
  hasPermission('manage_permissions'), 
  removePermissionFromUser);

export default router;